Antidote for RFPoison (Followup to RFP9906) Recently I released RFP9906: NT denial of service in services.exe (RFPoison). I included a limited sample exploit that would demonstrate the problem. Since then, I've worked with a few individuals and confirmed some configurations what will protect your system.
7d04c58afabcfae0c9ad8108d86888643b7d5e722aed854e013a8a8b7ccdde5eServices.exe DoS ported to python. This only seems to work on NT. Also, it may have to be run multiple times before SERVICES.EXE will die. Ported by nas.
3b9d830eb936de7fad335758f8b37d44a5c53ec539339d1bcac9874a2ef814f6Advisory RFP9907 - You, your servers, RDS, and thousands of script kiddies. .gov, .mil, and even microsoft.com haven fallen lately to the hands of website defacers. Turns out, it's all been because of RDS. This paper is the straight story on fixing the RDS hole.
a1562ec8e6c3de504d8609d33290529e67aa77bd45c35abf8a3f834df5775bd8MSADC/RDS exploit script version 2.
a24edf16f5e5055b6474324b0bffe2534dbf1db3fd73eb604a0b5591fb1a750dwhisker is what I've dubbed a 'next generation' CGI scanner. It is Scriptable. It's a programming-ish language that is tailored to do lots of flexible web scanning. Very stealthy. I've implemented anti-IDS checks into the scan. Whatmore, I've tested it...and let's just say I haven't seen an IDS so far catch a scan when all the IDS evasion switches are used. ;) Includes over 130 checks. Lots of options. Reads in nmap output, files full of domains, or single host. Virtual host support. Proxy support.
e3c18aa0b2882ee55dd870b64b7718820c0d6ccb6f21f1c1dd574f1ea506fe7fWindows NT remote denial of service and compromise (RFPoison). When sent a specific packet, it's possible to get srvsvc.dll to choke, and cause services.exe to reference a bad memory location. The impact is pretty severe. Services.exe handles named pipes for the system. Once this crashes, everything named-pipe-based goes with it. Combined with the AEDebug vulnerability, remote compromise is possible.
30fdab853650e808fbeaf377b9dc6694e8c922c4a560d2c7c3d2c1b33d0ec56aZeus is a high-performance webserver available from Zeus Technologies (www.zeus.co.uk). There's a myriad of problems, that when combined together, could yield a remote root compromise.
65d6f38cd31d99a0d42671ac5798e0b7297ec2bffefafb358fe4c9721a74e92bWindows 95 updated RDS exploit.
149a610621db59471d4420731c09658ea691396164cc0d8d1ac34ce2e22ef793nmapstub-1.c (shell version) - This file reads in nmap (v2.x human) output, puts it into port and host structures, and then can call whatever routines you want (per host) to check for exploits, etc.
603ab0e39a01c904c74c243d13e5e1dd5507840d7175b8eefb46022e7fe3ff30nmapstub.pl (Perl version) - This file reads in nmap (v2.x human) output, puts it into port and host structures, and then can call whatever routines you want (per host) to check for exploits, etc.
9eec95df46627f3dd083c753b015c8efe211bd6294035d83d4a1d8e1e06fc21bLatest release on rfp's perl-based nmap stub. This program reads in nmap output and parses it into easy to use structures that you can use in your code.
778f5df29eb9440ab9cf1fdc25aa0f4d944509189388f05e04b7d2b96d12e843Cold Fusion v4.0 security - A variety of security holes described in Cold Fusion v4.0.
230ff3e0a74a6aa551135eb38cf3d5bd7af5e943be271533a4de040b6cca45df
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed